package com.friends.common.web.interceptor;

import com.friends.common.tools.constant.Salt;
import com.friends.common.tools.util.Tools;
import com.friends.common.web.annotation.AccessToken;
import com.friends.common.web.exception.AccessTokenException;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;

/**
 * 用户令牌拦截器，创建用户令牌、移除用户令牌和校验用户令牌
 * Created by xiajiangge on 2017/3/28.
 */
public class AccessTokenInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if(!(handler instanceof HandlerMethod)) return super.preHandle(request,response,handler);
        HandlerMethod handlerMethod = (HandlerMethod)handler;
        Method method = handlerMethod.getMethod();
        AccessToken accessToken = method.getAnnotation(AccessToken.class);
        if (accessToken == null ) {
            return true;
        }
        boolean needAccessTokenCreate = accessToken.create();
        //创建accessToken
        if(needAccessTokenCreate){
            //获取userId参数名
            String userIdParamName = accessToken.userIdParamName();
            //获取user唯一标识
            String userId = request.getParameter(userIdParamName);
            if(StringUtils.isEmpty(userId)){
                throw new AccessTokenException("未获取到用户唯一标识");
            }
            //获取accessToken参数名
            String accessTokenParamName = accessToken.accessTokenParamName();
            if(StringUtils.isEmpty(accessTokenParamName)){
                throw new AccessTokenException("未获取到accessToken参数名");
            }
            //获取当前sessionid
            String sessionId = "";//request.getSession().getId();
            //生成accessToken串
            String accessTokenStr = Tools.MD5(Salt.token.getSalt() + sessionId + userId);
            request.setAttribute(accessTokenParamName, accessTokenStr);
        }

        boolean needAccessTokenRemove = accessToken.remove();
        //移除accessToken
        if(needAccessTokenRemove){
            //获取accessToken参数名
            String accessTokenParamName = accessToken.accessTokenParamName();
            if(StringUtils.isEmpty(accessTokenParamName)){
                throw new AccessTokenException("未获取到accessToken参数名");
            }
            request.getSession().removeAttribute(accessTokenParamName);
        }

        boolean needAccessTokenValid = accessToken.valid();
        //校验accessToken
        if(needAccessTokenValid){
            //获取userId参数名
            String userIdParamName = accessToken.userIdParamName();
            //获取user唯一标识
            String userId = request.getParameter(userIdParamName);
            if(StringUtils.isEmpty(userId)){
                throw new AccessTokenException("未获取到用户唯一标识");
            }
            //获取accessToken参数名
            String accessTokenParamName = accessToken.accessTokenParamName();
            if(StringUtils.isEmpty(accessTokenParamName)){
                throw new AccessTokenException("未获取到accessToken参数名");
            }
            //获取accessToken
            String accessTokenValid = request.getParameter(accessTokenParamName);
            if(StringUtils.isEmpty(accessTokenValid)){
                throw new AccessTokenException("未获取到用户令牌");
            }
            //获取当前sessionid
            String sessionId = "";//request.getSession().getId();
            //生成accessToken串
            String accessTokenStr = Tools.MD5(Salt.token.getSalt() + sessionId + userId);
            if(!accessTokenValid.equals(accessTokenStr)){
                throw new AccessTokenException("非法用户请求");
            }
        }

        return true;

    }

    @Override
    public void postHandle(HttpServletRequest request,
                           HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request,
                                HttpServletResponse response, Object handler, Exception ex)
            throws Exception {

    }

}
